The purpose is to prevent forgery of documents. Actually, even more fundamentally, it is a way of saying "I was at this place at this time" - I don't believe there is any system which can do better than that (any kind of device-based fingerprinting would be a DRM scheme, and therefore flawed from conception.) I don't believe that these documents could be made to be self-verifying, although this is the sort of attempt being made with J3M. CitizenMediaNotary<https://github.com/Miserlou/CitizenMediaNotary>proposes to make documents network-verifiable against retroactive forgery, but this is actually a different problem ("have we seen this before" rather than "where in spacetime was this created"). Let's suppose a use case. Seems like we're about to have a nice little war in Syria, so let's use that. Suppose a citizen reporter creates an image of a bombed-out orphanage for impoverished nuns. Al-Jazeera wants to run with it, but can it be trusted? How do we know that this is actually an image from 2013 Syria, and not a previously-unpublished image from 2011 Libya, uploaded by a military agent? A geokey system would use network properties to assure that regions of spacetime have unique identifiers. These identifiers could then be tied to media, with a network protocol or J3M or something similar. Ideally, the handing out of these cryptographic identifiers would actually be done via satellite and not IPv4, as spatial IPv4 allocation isn't always accurate, especially with mobile phones. Also, the thought of there being geostationary microsats for the sole purpose of providing cryptographic spacetime assurances just gives me the sci-fi tinglies. Imagine little crypto robot oracles wizzing through space, beeping out random zeros and ones back down onto the planet! I guess the best we can do with this system is just narrow the "forgery surface" to people who are at a certain place at a certain time who have also preconspired to construct forgeries based on the keys generated by the oracle. This is not perfect, but it's better than nothing - assuming that we keep this limitation in mind. On Tue, Aug 27, 2013 at 8:57 AM, Lance Cottrell <loki@obscura.com> wrote:
I think we need to look first at the threat model you are trying to address. Is the concern that the photo's creator would fake the location of the photo? Is it that you want to make the location of the photo self-verifying if it is re-used? Do you want to simply be able to spot re-use and prove where the photo was actually taken? Something else?
I think that a clearer definition of the problem will help identify the most appropriate solutions.
-- Lance Cottrell loki@obscura.com
On Aug 26, 2013, at 4:08 PM, Rich Jones <rich@openwatch.net> wrote:
This is a small, unfinished idea I had, but I'd be interested in hearing any feedback anybody here might have to offer. Normally we talk about cryptography to secure communications, but this is an idea rather about verifying the authenticity of media.
[Quick backround: OpenWatch <https://openwatch.net/> is a global citizen media network using mobile phones as the basis for a free worldwide press. We care very much about the authenticity of citizen media, and have designed some systems <https://github.com/Miserlou/CitizenMediaNotary>which attempt to improve the verifiability of citizen media.]
The problem is that sometimes media artifacts are presented as a record of a current event, when in fact they from different events. An example of this was when images of a marathon race in Istanbul were presented as images<http://twitchy.com/2013/06/01/debunked-photo-of-occupygezi-crowds-crossing-istanbul-bridge-is-a-fake/>of the recent Occupy Gezi protests.
Now, imagine the globe divided into a grid coordinate system, say 100,000 units (or perhaps 232, if IP rather than physical address is to be used). Based on their physical location, reporters can contact a server and are assigned a key with which to sign or encrypt their media to. This then ties a media object to a physical space. This can be further improved to include both time and space by dividing a space-day into a number of units, suppose 1440, such that different keys would be handed out at different times of the day, thus further tying a document to a moment in time as well.
Does anybody know if any systems like this have ever been discussed or designed in the past? I suppose this is somewhat similar to the RSA-keyfob system, although this allows for anonymous access without pre-arrangement as well.
R
-- ————————————— Rich Jones * OpenWatch* is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS<https://itunes.apple.com/us/app/openwatch-social-muckraking/id642680756?ls=1&mt=8>and for Android<https://play.google.com/store/apps/details?id=org.ale.openwatch&hl=en> !